adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 03:18:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

The _lastAction property should not double include the base path.

Browse source 
FormHelper should not run URLs through Router twice when determining the
the form's lastAction attribute. However, because we're using the helper
method (see #9414) we do need to HTML decode the URL before using it in
form token generation.

Refs #9455
This commit is contained in:
mark_story 2016-09-13 22:21:01 -04:00
parent 925a45b6b1
commit 4f70bdb3b8
2 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
lib/Cake/Test/Case/View/Helper/FormHelperTest.php
View file

@ -539,6 +539,7 @@ class FormHelperTest extends CakeTestCase {
$this->Form->request['action'] = 'add'; $this->Form->request['action'] = 'add';
$this->Form->request->webroot = ''; $this->Form->request->webroot = '';
$this->Form->request->base = ''; $this->Form->request->base = '';
Router::setRequestInfo($this->Form->request);
ClassRegistry::addObject('Contact', new Contact()); ClassRegistry::addObject('Contact', new Contact());
ClassRegistry::addObject('ContactNonStandardPk', new ContactNonStandardPk()); ClassRegistry::addObject('ContactNonStandardPk', new ContactNonStandardPk());
@ -8191,12 +8192,14 @@ class FormHelperTest extends CakeTestCase {
*/ */
public function testPostLinkSecurityHashInline() { public function testPostLinkSecurityHashInline() {
$hash = Security::hash( $hash = Security::hash(
'/posts/delete/1' . '/basedir/posts/delete/1' .
serialize(array()) . serialize(array()) .
'' . '' .
Configure::read('Security.salt') Configure::read('Security.salt')
); );
$hash .= '%3A'; $hash .= '%3A';
$this->Form->request->base = '/basedir';
$this->Form->request->webroot = '/basedir/';
$this->Form->request->params['_Token']['key'] = 'test'; $this->Form->request->params['_Token']['key'] = 'test';
$this->Form->create('Post', array('url' => array('action' => 'add'))); $this->Form->create('Post', array('url' => array('action' => 'add')));
@ -8206,7 +8209,11 @@ class FormHelperTest extends CakeTestCase {
$this->assertEquals(array('Post.title'), $this->Form->fields); $this->assertEquals(array('Post.title'), $this->Form->fields);
$this->assertContains($hash, $result, 'Should contain the correct hash.'); $this->assertContains($hash, $result, 'Should contain the correct hash.');
$this->assertAttributeEquals('/posts/add', '_lastAction', $this->Form, 'lastAction was should be restored.'); $this->assertAttributeEquals(
'/basedir/posts/add',
'_lastAction',
$this->Form,
'lastAction was should be restored.');
} }
/** /**

4
lib/Cake/View/Helper/FormHelper.php
View file

@ -1888,7 +1888,7 @@ class FormHelper extends AppHelper {
} }
$previousLastAction = $this->_lastAction; $previousLastAction = $this->_lastAction;
$this->_lastAction($formUrl); $this->_lastAction($url);
$out = $this->Html->useTag('form', $formUrl, $formOptions); $out = $this->Html->useTag('form', $formUrl, $formOptions);
$out .= $this->Html->useTag('hidden', '_method', array( $out .= $this->Html->useTag('hidden', '_method', array(
@ -3105,7 +3105,7 @@ class FormHelper extends AppHelper {
* @return void * @return void
*/ */
protected function _lastAction($url) { protected function _lastAction($url) {
$action = Router::url($url, true); $action = html_entity_decode($this->url($url), ENT_QUOTES);
$query = parse_url($action, PHP_URL_QUERY); $query = parse_url($action, PHP_URL_QUERY);
$query = $query ? '?' . $query : ''; $query = $query ? '?' . $query : '';
$this->_lastAction = parse_url($action, PHP_URL_PATH) . $query; $this->_lastAction = parse_url($action, PHP_URL_PATH) . $query;